(57) Abstract: One embodiment of the present invention provides a system for managing encryption within a database system that is managed by a database administrator, and wherein a user administrator not otherwise associated with the database system manages users of the database system. This system performs encryption automatically and transparently to a user of the database system. The system operates by receiving a request to store data in a column of the database system. If a user has designated the column as an encrypted column, the system automatically encrypts the data using an encryption function. This encryption function uses a key stored in a keyfile managed by the security administrator. After encrypting the data, the system stores the data in the database system using a storage function of the database system.

METHOD AND APPARATUS FOR AUTOMATIC DATABASE ENCRYPTION

Inventor: Richard R. Wessman 


BACKGROUND 

Field of the Invention 

The present invention relates to computer security and databases within computer systems. More specifically, the present invention relates to a method and apparatus for automatically encrypting and decrypting data to be stored in a database.

Related Art

Modern database systems store and retrieve vast quantities of information. Some of this information is sensitive, such as credit card numbers, bank balances, and nuclear secrets, and hence must be protected so that the information does not end up in the wrong hands.

Some database systems are able to restrict access to specific information by using access controls that are specified in security profiles assigned to each client. Such systems prevent a client from accessing information other than what has been authorized for the client. This normally protects the sensitive information and, therefore, leads users to trust the database system to ensure that information stored within the database system remains secret.

There is, however, a major weakness in these types of database systems. The database administrator (DBA) has access to everything that is stored within the database system. This unrestricted access allows an unscrupulous DBA to steal information from the database system and to use the stolen information for illicit purposes. Note that it is not practical to implement access controls for the DBA because doing so prevents the DBA from performing necessary database maintenance functions.

Sensitive information can be kept secret from the DBA by encrypting the sensitive information within the user application at the client. In this approach, all sensitive information is stored in an encrypted form within the database system and is consequently protected from examination by the DBA. This approach has the advantage that the DBA is not restricted from performing database maintenance functions. A major drawback to this approach, however, is that all user applications that handle sensitive information need to be able to encrypt and decrypt information. Providing such encryption and decryption code in all of the numerous applications that handle sensitive data is very inefficient.

What is needed is a method and an apparatus that allows a DBA to have unrestricted access to the database system while protecting sensitive information within the database system in an efficient manner.


SUMMARY 

One embodiment of the present invention provides a system for managing encryption within a database system that is managed by a database administrator, and wherein a user administrator not otherwise associated with the database system manages users of the database system. This system performs encryption automatically and transparently to a user of the database system. The system operates by receiving a request to store data in a column of the database system. If a user has designated the column as an encrypted column, the system automatically encrypts the data using an encryption function. This encryption function uses a key stored in a keyfile managed by the security administrator. After encrypting the data, the system stores the data in the database system using a storage function of the database system.

In one embodiment of the present invention, the system manages decrypting encrypted data stored in the database system. The system operates by receiving a request to retrieve data from the encrypted column of the database system. If the request to retrieve data is from an authorized user of the database system, the system allows the authorized user to decrypt encrypted data. Otherwise, the system prevents decryption of the encrypted data; in particular, decryption is prevented if the request to retrieve data is received from the database administrator, the security administrator, or the user administrator.

In one embodiment of the present invention, the security administrator selects the mode of encryption for the column. The mode of encryption can be, but is not limited to, data encryption standard (DES) or triple DES.

In one embodiment of the present invention, the security administrator, the 
database administrator, and the user administrator are distinct roles. A person 
selected for one of these roles is not allowed to be selected for another of these roles. 

In one embodiment of the present invention, the security administrator manages the keyfile. In doing so, the security administrator creates the keyfile. Next, the security administrator establishes how many keys are to be stored in the keyfile. The security administrator then establishes a relationship between a key identifier and the key stored in the keyfile. The keyfile can be stored in a location such as an encrypted file in the database system, or a location separate from the database system. Finally, the security administrator moves an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.

In one embodiment of the present invention, the security administrator specifies a column to be encrypted. If the column currently contains encrypted data, the system decrypts the data using the previous key. After decrypting the encrypted data, or if the column contains clear-text data, the system encrypts the data using a new key.

In one embodiment of the present invention, the key identifier associated with 
the encrypted column is stored as metadata associated with a table containing the 
encrypted column within the database system. 

In one embodiment of the present invention, the security administrator establishes encryption parameters for the encrypted column. These encryption parameters include, but are not limited to, encryption mode, key length, and integrity type. The security administrator can manually enter the encryption parameters for an encrypted column. The security administrator can also establish a profile table in the database system for saving and recovering encryption parameters for the encrypted column.
BRIEF DESCRIPTION OF THE FIGURES
FIG. 1 illustrates a database system in accordance with an embodiment of the 
present invention. 

FIG. 2 illustrates details of a database system in accordance with an embodiment of the present invention.

FIG. 3 is a flowchart illustrating the process of creating a keyfile in 
accordance with an embodiment of the present invention. 

FIG. 4 is a flowchart illustrating the process of creating an encryption profile in accordance with an embodiment of the present invention.

FIG. 5 is a flowchart illustrating the process of establishing a column in the database as an encrypted column in accordance with an embodiment of the present invention.

FIG. 6 is a flowchart illustrating the process of storing data in the database system in accordance with an embodiment of the present invention.

FIG. 7 is a flowchart illustrating the process of retrieving data from the
database system in accordance with an embodiment of the present invention. 

DETAILED DESCRIPTION 

The following description is presented to enable any person skilled in the art to make and use the invention, and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present invention. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.

The data structures and code described in this detailed description are typically stored on a computer readable storage medium, which may be any device or medium that can store code and/or data for use by a computer system. This includes, but is not limited to, magnetic and optical storage devices such as disk drives, magnetic tape, CDs (compact discs) and DVDs (digital versatile discs or digital video discs), and computer instruction signals embodied in a transmission medium (with or without a carrier wave upon which the signals are modulated). For example, the transmission medium may include a communications network, such as the Internet.


Database System 

FIG. 1 illustrates a database system in accordance with an embodiment of the present invention. As illustrated in FIG. 1, client 110 is coupled to database server 112. Client 110 and database server 112 may include any type of computer system, including, but not limited to, a computer system based on a microprocessor, a mainframe computer, a digital signal processor, a personal organizer, a device controller, and a computational engine within an appliance.

Database server 112 is also coupled to database 118. Database 118 can include any type of system for storing data in non-volatile storage. This includes, but is not limited to, systems based upon magnetic, optical, and magneto-optical storage devices, as well as storage devices based on flash memory and/or battery-backed-up memory.

Database server 112 includes key management function 114 and obfuscated keyfile 116. Obfuscated keyfile 116 contains a copy of the data in keyfile 120. Keyfile 120 contains keys and key identifiers for encrypting and decrypting data. Keyfile 120 is stored on a system separate from the database system or can be stored as an encrypted table in database 118.

User 102 accesses database 118 through client 110. User administrator 104 grants privileges to user 102 for accessing database 118. User administrator 104 is not allowed to access the database.

Security administrator 106 manages the encryption system through database server 112. Managing the encryption system includes, but is not limited to, managing keyfile 120 and specifying which columns of tables in database 118 are encrypted. Database administrator 108 manages the database system by performing services such as data backup, data recovery, storage allocation, and the like.
Within the database system, user administrator 104, security administrator 106, and database administrator 108 are distinct roles. A person selected for any one of these roles may not be selected to perform any of the other roles.


Database Details

FIG. 2 illustrates details of a database system in accordance with an embodiment of the present invention. In addition to key management function 114 and obfuscated keyfile 116, database server 112 also includes, but is not limited to, encryption function 204, decryption function 206, storing function 208, and retrieving function 210.

Encryption function 204 uses keys from obfuscated keyfile 116 to encrypt data 202 received from client 110. Decryption function 206 uses keys from obfuscated keyfile 116 to decrypt data 212 received from database 118. Storing function 208 stores data 212 in database 118, while retrieving function 210 retrieves data 212 from database 118.

Database 118 includes, but is not limited to, table 218, profiles 220, and metadata 222. Table 218 is organized with related data located in a single row that spans columns 224, 226, 228, and 230. As illustrated in FIG. 2, the first row of table 218 contains XXX in column 224, national identifier NID in column 226, YYY in column 228, and ZZZ in column 230. Data 212 is stored in and retrieved from rows of table 218.

Metadata 222 stores encryption parameters for table 218 in columns 240, 242, 244, and 246. The first row of metadata 222 relates to column 226 in table 218. Column 240 identifies column 226 as encrypted. Column 242 contains the key identifier for the key within obfuscated keyfile 116 that is used to encrypt data in column 226. Column 244 indicates the encryption mode. In this example, data encryption standard (DES) encryption is being used. Column 246 indicates the data integrity mechanism to be used to detect tampering with the encrypted data. In this example, message digest 5 (MD5) is being used. Encryption parameters are supplied to database server 112 as parameters 216 for storing in metadata 222.
Profiles 220 stores encryption profiles created by security administrator 106 in columns 232, 234, 236, and 238. The first row of profiles 220 contains a profile. Column 232 indicates the name, 999, of the profile. Column 234 indicates the encryption mode. In this example, the profile indicates that data encryption standard (DES) encryption is being used. Column 236 indicates the key length to use. This example indicates a key length of 56 bits. Column 238 indicates the data integrity mechanism to be used with the profile. This example indicates that secure hash algorithm 1 (SHA-1) is being used. Profiles are supplied to database 118 as profile 214.


Creating a Keyfile

FIG. 3 is a flowchart illustrating the process of creating keyfile 120 in accordance with an embodiment of the present invention. The system starts when key management function 114 receives a request from security administrator 106 to create keyfile 120 (step 302). Key management function 114 receives the number of keys to create from security administrator 106 (step 304). Next, key management function 114 receives the name of keyfile 120 from security administrator 106 (step 306). Key management function 114 also receives a random key generator seed from security administrator 106 (step 308).

Key management function 114 generates the keys and matching key identifiers (step 310). Next, key management function 114 stores keyfile 120 (step 312). Note that keyfile 120 may be stored in a location remote to the database system or may be stored as an encrypted table within database 118.

Finally, key management function 114 makes an obfuscated copy of keyfile 120 and stores it as obfuscated keyfile 116 in volatile memory of database server 112 (step 314).

Creating a Profile 

FIG. 4 is a flowchart illustrating the process of creating an encryption profile in accordance with an embodiment of the present invention. The system starts when key management function 114 receives a request from security administrator 106 to create an encryption profile (step 402). Key management function 114 receives the name of the profile to create from security administrator 106 (step 404). Next, key management function 114 receives the encryption algorithm to associate with the profile (step 406). Key management function 114 then receives the key length to associate with the profile (step 408). Next, key management function 114 receives the type of data integrity to associate with the profile (step 410). Key management function 114 creates the profile (step 412). Finally, key management function 114 stores the profile, consisting of the profile name, encryption mode, key length, and integrity type, in columns 232, 234, 236, and 238, respectively, in the next available row of profiles 220 (step 414).

Establishing an Encrypted Column 

FIG. 5 is a flowchart illustrating the process of establishing a column in the database as an encrypted column in accordance with an embodiment of the present invention. The system starts when database server 112 receives a request to encrypt a column, say column 226, of table 218 in database 118 (step 502). Database server 112 first determines how security administrator 106 specified the encryption parameters (step 504).

If the encryption parameters are supplied by using a profile, database server 112 retrieves the profile 214 from profiles 220 in database 118 (step 506). After retrieving the encryption parameters from profile 214, or if the parameters were supplied in the request at step 504, database server 112 determines if the column already contains data (step 508).

If the column already contains data in step 508, database server 112 inspects metadata 222 to determine if the data in the column was previously encrypted (step 510). If the data in the column was previously encrypted in step 510, retrieving function 210 retrieves the cipher-text data from table 218 (step 512). Next, decryption function 206 decrypts the data using the previous key obtained from metadata 222 (step 514).

If the data is not encrypted at step 510, retrieving function 210 retrieves the clear-text data from table 218 (step 516). When the clear text is available after step
514 or step 516, encryption function 204 encrypts the data (step 518). Next, storing function 208 stores the cipher-text data in table 218 (step 520).

If the column does not contain data at step 508, or after the cipher-text data is stored in step 520, database server 112 stores the encryption parameters for the column in metadata 222 (step 522).

Storing Data in the Database 

FIG. 6 is a flowchart illustrating the process of storing data in database 118 in accordance with an embodiment of the present invention. The system starts when database server 112 receives a request to store data 202 from client 110 (step 602). Database server 112 examines metadata 222 to determine if the column where the data will be stored is encrypted (step 604). If the column is encrypted (step 606), database server 112 retrieves the encryption parameters for the column from metadata 222 (step 608). Database server 112 then retrieves the encryption key related to the key identifier (KID) from obfuscated keyfile 116 (step 609). Next, encryption function 204 encrypts the data (step 610). After the data is encrypted in step 610, or if the column is not encrypted at step 606, storing function 208 stores the data in table 218 (step 612).

Retrieving Data from the Database

FIG. 7 is a flowchart illustrating the process of retrieving data from database 118 in accordance with an embodiment of the present invention. The system starts when database server 112 receives a request from client 110 to retrieve data from database 118 (step 702). Retrieving function 210 retrieves the data from table 218 in database 118 (step 704). Next, database server 112 determines if the request is from an authorized user (step 709).

If the request is from an authorized user at step 709, database server 112 examines metadata 222 to determine if the column related to the data is encrypted (step 708). If database server 112 determines that the data is encrypted in step 708, database server 112 retrieves the encryption parameters from metadata 222 (step 710).
Database server 112 uses the key identifier (KID) to retrieve the decryption key from obfuscated keyfile 116.

Next, decryption function 206 decrypts the data (step 712). After the data is decrypted in step 712, or if the data was determined to not be encrypted in step 708, database server 112 returns the data to client 110 (step 714). If the request is not from an authorized user at step 709, the data is not returned to the client. Specifically, the database administrator, the security administrator, and the user administrator are not authorized users and, therefore, are prevented from decrypting and receiving encrypted data stored within the database.
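The five flows described above share one piece of state: the keyfile with its key identifiers (FIG. 3), the profile table (FIG. 4), and the per-column metadata that FIG. 5 writes and that FIG. 6 and FIG. 7 consult. The Python program below is an added example that models all five flows against that shared state; it is not code from the patent or from any product, and its class, method and column names are its own. Two substitutions are assumptions of this example: the page names DES and triple DES, and Python's standard library has no DES, so a keystream derived from HMAC-SHA256 in counter mode stands in for the cipher (the mode and key length are recorded in metadata as the page describes but do not change the stand-in); and the integrity value of column 246 is computed as a keyed HMAC using the profile's MD5 or SHA-1 rather than as a bare digest, because a bare digest stored beside the ciphertext can be recomputed by anyone able to rewrite the row. The rows stored in the demo are constructed sample data.

```python
import hashlib
import hmac
import secrets

ADMIN_ROLES = {"database_administrator", "security_administrator", "user_administrator"}  # distinct roles


def _keystream_xor(key, nonce, data):
    """CTR-style XOR with HMAC-SHA256(key, nonce || counter) blocks: a stand-in for the page's DES/3DES."""
    out = bytearray()
    for counter in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[counter * 32:(counter + 1) * 32], block))
    return bytes(out)


def _digest_name(params):
    return params["integrity"].replace("-", "").lower()   # "SHA-1" -> "sha1", "MD5" -> "md5" (hashlib names)


class KeyManagement:
    """Key management function 114: keyfile 120, its obfuscated in-memory copy 116, and profiles 220."""
    def __init__(self):
        self.keyfile = {}                      # stands in for keyfile 120: kid -> key, the persistent copy
        self.obfuscated = {}                   # obfuscated keyfile 116: masked copy kept in server memory
        self.profiles = {}                     # profiles 220: name -> {mode, key_length, integrity}
        self._mask = secrets.token_bytes(32)   # the mask only obfuscates; it is not a security boundary

    def create_keyfile(self, num_keys, name, seed):
        """FIG. 3, steps 302-314: derive keys 1..num_keys from the administrator's seed plus fresh entropy."""
        for kid in range(1, num_keys + 1):
            salt = f"{name}:{kid}".encode() + secrets.token_bytes(16)
            self.keyfile[kid] = hmac.new(seed, salt, hashlib.sha256).digest()
        self.obfuscated = {k: bytes(a ^ b for a, b in zip(v, self._mask)) for k, v in self.keyfile.items()}
        return sorted(self.keyfile)

    def key_for(self, kid):
        """Steps 609 and 710: look the key up by KID in the obfuscated copy and un-mask it."""
        return bytes(a ^ b for a, b in zip(self.obfuscated[kid], self._mask))

    def create_profile(self, name, mode, key_length, integrity):
        """FIG. 4, steps 402-414: save mode, key length and integrity type under a profile name."""
        if mode not in ("DES", "3DES") or integrity not in ("MD5", "SHA-1"):
            raise ValueError("unsupported encryption mode or integrity type")
        self.profiles[name] = {"mode": mode, "key_length": key_length, "integrity": integrity}


class Database:
    """Database 118: rows of table 218, metadata 222 per encrypted column, encrypt/decrypt server-side."""
    def __init__(self, km):
        self.km = km
        self.rows = []          # table 218: list of {column: value}
        self.metadata = {}      # metadata 222: column -> {"kid", "mode", "key_length", "integrity"}

    def _seal(self, params, clear):
        """Encryption function 204: nonce || ciphertext || keyed tag (mode and key_length are recorded only)."""
        key, nonce = self.km.key_for(params["kid"]), secrets.token_bytes(16)
        ct = _keystream_xor(key, nonce, clear.encode())
        return nonce + ct + hmac.new(key, nonce + ct, _digest_name(params)).digest()

    def _open(self, params, blob):
        """Decryption function 206: verify the integrity tag (column 246) before returning clear text."""
        key, digest = self.km.key_for(params["kid"]), _digest_name(params)
        tag_len = hashlib.new(digest).digest_size
        nonce, ct, tag = blob[:16], blob[16:-tag_len], blob[-tag_len:]
        if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, digest).digest()):
            raise ValueError("integrity check failed: stored ciphertext was altered")
        return _keystream_xor(key, nonce, ct).decode()

    def set_encrypted_column(self, column, kid, profile=None, **params):
        """FIG. 5: parameters from a profile (step 506) or given directly; re-key any existing data."""
        new_params = dict(self.km.profiles[profile] if profile else params, kid=kid)
        old = self.metadata.get(column)                      # step 510: was the column encrypted before?
        for row in self.rows:                                # steps 512-520: old key out, new key in
            clear = self._open(old, row[column]) if old else row[column]
            row[column] = self._seal(new_params, clear)
        self.metadata[column] = new_params                   # step 522

    def store(self, row):
        """FIG. 6, steps 604-612: encrypt only the columns marked in metadata, then store the row."""
        self.rows.append({c: self._seal(self.metadata[c], v) if c in self.metadata else v
                          for c, v in row.items()})
        return len(self.rows) - 1

    def retrieve(self, role, index, column):
        """FIG. 7: the three administrators get nothing back (step 709); other users get clear text."""
        value = self.rows[index][column]                     # step 704
        if role in ADMIN_ROLES:
            raise PermissionError(f"{role} is not an authorized reader")
        return self._open(self.metadata[column], value) if column in self.metadata else value


def demo():
    km = KeyManagement()
    km.create_keyfile(num_keys=2, name="keyfile120", seed=b"seed supplied by the security administrator")
    km.create_profile("999", mode="DES", key_length=56, integrity="SHA-1")
    db = Database(km)
    db.store({"name": "XXX", "nid": "123-45-6789", "c228": "YYY"})  # stored in clear: column not yet encrypted
    db.set_encrypted_column("nid", kid=1, profile="999")           # FIG. 5 over the existing clear text
    db.store({"name": "AAA", "nid": "987-65-4321", "c228": "BBB"})  # FIG. 6 encrypts nid on the way in
    db.set_encrypted_column("nid", kid=2, mode="3DES", key_length=168, integrity="MD5")  # re-key
    return db.retrieve("user", 0, "nid"), db.retrieve("user", 1, "nid"), db.rows[1]["nid"] != b"987-65-4321"
```

Two points a practitioner would check against the page. Obfuscated keyfile 116 is a masked in-memory copy, and the XOR mask above makes that concrete: it hides the keys from casual inspection of a memory image but gives no protection against an attacker who controls the server process, so the secrecy of the column data still rests on keyfile 120 and on the three roles staying separate. The step 709 check refuses all three administrators before the encrypted-or-clear decision, exactly as FIG. 7 orders it, so an administrator is refused even for a clear-text column; a system that wants the DBA to keep backup access to the stored bytes would return the sealed blob instead of raising.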


The foregoing descriptions of embodiments of the invention have been presented for purposes of illustration and description only. They are not intended to be exhaustive or to limit the present invention to the forms disclosed. Accordingly, many modifications and variations will be apparent to practitioners skilled in the art. Additionally, the above disclosure is not intended to limit the present invention. The scope of the present invention is defined by the appended claims.
What is claimed is:

1. A method for managing encryption within a database system that is managed by a security administrator, wherein encryption is performed automatically and transparently to a user of the database system, wherein users of the database system are managed by a user administrator, the method comprising:

receiving a request to store data in a column of the database system, wherein the column is designated as an encrypted column;

in response to receiving the request, automatically encrypting data using an encryption function, wherein the encryption function uses a key stored in a keyfile managed by the security administrator; and

storing data in the database system using a storage function of the database system.

2. The method of claim 1, further comprising:

receiving a request to retrieve data from the encrypted column of the database 
system; 

if the request to retrieve data is received from the database administrator, preventing the database administrator from decrypting encrypted data;

if the request to retrieve data is received from the security administrator, preventing the security administrator from decrypting encrypted data; and

if the request to retrieve data is from an authorized user of the database system, allowing the authorized user to decrypt encrypted data.

3. The method of claim 1, wherein the security administrator selects one of data encryption standard (DES) and triple DES as a mode of encryption for the column.

4. The method of claim 1, wherein the security administrator, the database administrator, and the user administrator are distinct roles, and wherein a person selected for one of these roles is not allowed to be selected for another of these roles.

5. The method of claim 1, wherein managing the keyfile includes, but is not limited to:

creating the keyfile;

establishing a plurality of keys to be stored in the keyfile;

establishing a relationship between a key identifier and the key stored in the keyfile;

storing the keyfile in one of,
an encrypted file in the database system, and
a location separate from the database system; and

moving an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.


6. The method of claim 1, wherein upon receiving a request from the security administrator specifying the column to be encrypted, if the column currently contains data, the method further comprises:

decrypting the column using an old key if the column was previously encrypted; and

encrypting the column using a new key.

7. The method of claim 5, wherein the key identifier associated with the encrypted column is stored as metadata associated with a table containing the encrypted column within the database system.

8. The method of claim 5, further comprising establishing encryption parameters for the encrypted column, wherein the encryption parameters include encryption mode, key length, and integrity type, by:

entering encryption parameters for the encrypted column manually; and

recovering encryption parameters for the encrypted column from a profile table in the database system.

9. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing encryption within a database system that is managed by a security administrator, wherein encryption is performed automatically and transparently to a user of the database system, wherein users of the database system are managed by a user administrator, the method comprising:

receiving a request to store data in a column of the database system, wherein the column is designated as an encrypted column;

in response to receiving the request, automatically encrypting data using an encryption function, wherein the encryption function uses a key stored in a keyfile managed by the security administrator; and

storing data in the database system using a storage function of the database system.

10. The computer-readable storage medium of claim 9, wherein the method further comprises:

receiving a request to retrieve data from the encrypted column of the database system;

if the request to retrieve data is received from the database administrator, preventing the database administrator from decrypting encrypted data;

if the request to retrieve data is received from the security administrator, preventing the security administrator from decrypting encrypted data; and

if the request to retrieve data is from an authorized user of the database system, allowing the authorized user to decrypt encrypted data.




11. The computer-readable storage medium of claim 9, wherein the security administrator selects one of data encryption standard (DES) and triple DES as a mode of encryption for the column.
12. The computer-readable storage medium of claim 9, wherein the security administrator, the database administrator, and the user administrator are distinct roles, and wherein a person selected for one of these roles is not allowed to be selected for another of these roles.

13. The computer-readable storage medium of claim 9, wherein managing the keyfile includes, but is not limited to:

creating the keyfile;

establishing a plurality of keys to be stored in the keyfile;

establishing a relationship between a key identifier and the key stored in the keyfile;

storing the keyfile in one of,
an encrypted file in the database system, and
a location separate from the database system; and

moving an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.

14. The computer-readable storage medium of claim 9, wherein upon receiving a request from the security administrator specifying the column to be encrypted, if the column currently contains data, the method further comprises:

decrypting the column using an old key if the column was previously encrypted; and

encrypting the column using a new key.


15. The computer-readable storage medium of claim 13, wherein the key identifier associated with the encrypted column is stored as metadata associated with a table containing the encrypted column within the database system.

16. The computer-readable storage medium of claim 13, wherein the method further comprises establishing encryption parameters for the encrypted column, wherein the encryption parameters include encryption mode, key length, and integrity type, by:

entering encryption parameters for the encrypted column manually; and

recovering encryption parameters for the encrypted column from a profile table in the database system.

17. An apparatus that facilitates managing encryption within a database system that is managed by a security administrator, wherein encryption is performed automatically and transparently to a user of the database system, wherein users of the database system are managed by a user administrator, comprising:

a receiving mechanism that is configured to receive a request to store data in a column of the database system, wherein the column is designated as an encrypted column;

an encrypting mechanism that is configured to encrypt data using an encryption function, wherein the encryption function uses a key stored in a keyfile managed by the security administrator; and

a storing mechanism that is configured to store data in the database system using a storage function of the database system.

18. The apparatus of claim 17, further comprising:

the receiving mechanism that is further configured to receive a request to retrieve data from the encrypted column of the database system;

an access mechanism that is configured to prevent the database administrator and the security administrator from decrypting encrypted data; and

wherein the access mechanism is configured to allow an authorized user of the database system to decrypt encrypted data.

19. The apparatus of claim 17, further comprising a selection mechanism that is configured to select one of data encryption standard (DES) and triple DES as a mode of encryption for the column.


20. The apparatus of claim 17, wherein the security administrator, the database administrator, and the user administrator are distinct roles, and wherein a person selected for one of these roles is not allowed to be selected for another of these roles.


21. The apparatus of claim 17, further comprising:

a creating mechanism that is configured to create the keyfile;

an establishing mechanism that is configured to establish a plurality of keys to be stored in the keyfile;

wherein the establishing mechanism is further configured to establish a relationship between a key identifier and the key stored in the keyfile;

a storing mechanism that is configured to store the keyfile in one of,
an encrypted file in the database system, and
a location separate from the database system; and

a moving mechanism that is configured to move an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.


22. The apparatus of claim 17, further comprising:

a decrypting mechanism that is configured to decrypt the column using a previous key if the column was previously encrypted; and

wherein the encrypting mechanism is further configured to encrypt the column using a new key.


23. The apparatus of claim 21, wherein the key identifier associated with the encrypted column is stored as metadata associated with a table containing the encrypted column within the database system.


24. The apparatus of claim 21, wherein the establishing mechanism is further configured to establish encryption parameters for the encrypted column, wherein the encryption parameters include encryption mode, key length, and integrity type, and wherein the establishing mechanism includes:

an entering mechanism that is configured to enter encryption parameters for the encrypted column manually; and

a recovering mechanism that is configured to recover encryption parameters for the encrypted column from a profile table in the database system.